Imperva Cyber Security Blog

A recent Anonymous video admits that they’ve been fairly quiet lately. From an American and Western European perspective, this is somewhat true. In 2010, Anonymous built a reputation with Operation Payback. Since then, there have been various campaigns that have been global in nature—such as the DDoS attack that followed the closure of MegaUpload.

From a global perspective, the video isn’t completely correct. Since then, Anonymous’ activity has become regional in nature. Like soccer, every culture or nation brings its own twist, such as the Spanish passing game, the German set piece or Brazilian flexibility. For Anonymous, the process and objective remain pretty much the same: distributed denial of service (DDoS) attacks and data theft. In some special cases, there are more focused attacks designed to deface or steal targeted information, such as Anonymous’ theft and exposure of Syrian government files and emails.

What does the present-day Anonymous look like? There are two emerging groups.

Group #1: Global

The group has a global presence which only occasionally embarks on a campaign. Typically, these campaigns, such as the attack on the Syrian government, are reactive. There is a simple pattern: incident, response. The Syrian hack sticks out because of its visibility, but there are more examples:

Anonymous hackers aided a global search for a cyber-vandal who defaced a charity website.

Anonymous DDoSed a French company who tried to register the Anonymous motto.

But note that each of these attacks is a reaction to an incident. By contrast, there have been hardly any proactive attacks. For example, one planned attack which was conceived in the Netherlands, Operation NewSon, never occurred. The objective: attack the wealthiest, biggest companies worldwide. According to the web page promoting the attack, they wished to:

attack several high corporate entities. Shortly after the start of the operation, we plan to release precious classified data on the already set out list of targets we do have. Those targets are none other than the ones who ultimately rule: the high revenue making companies of the world. While attacking the major companies of this planet may seem lulzy, we also wish that this operation make a difference.

Though it attracted some attention, this campaign never got off the ground.

Group #2: Regional

The local versions, by contrast, are much more proactive. No incident is required to invoke a response. For the best examples, let’s go to Latin America. In Brazil, Argentina and Mexico there have been numerous attacks that did not react to any specific incident. Rather, the idea was attack for the sake of attack. Though we can’t give precise numbers since it’s very difficult to follow activity globally, it seems quite clear that this category of attacks is much higher by volume. In Brazil, Anonymous attacked several major Brazilian government agencies and two major airlines, and recently took down most government agencies in Rio. In Argentina, several attacks took down banks and government agencies as well.

What are the lessons?

Anonymous may be quieter, but only in your region.

Anonymous is much more active in developing countries, where presumably there is a larger pool of politically motivated hacktivists.